Novel Lagrange interpolation polynomials for dynamic access control in a healthcare cloud system

Te-Wei Chiang; Dai-Lun Chiang; Tzer-Shyong Chen; Frank Yeong-Sung Lin; Victor R. L. Shen; Min-Chien Wang; Te-Wei Chiang; Dai-Lun Chiang; Tzer-Shyong Chen; Frank Yeong-Sung Lin; Victor R. L. Shen; Min-Chien Wang

doi:10.3934/mbe.2022427

Mathematical Biosciences and Engineering

2022, Volume 19, Issue 9: 9200-9219. doi: 10.3934/mbe.2022427

Previous Article Next Article

Research article

Novel Lagrange interpolation polynomials for dynamic access control in a healthcare cloud system

1.
Department of Information Management, National Taiwan University, Taipei City 106, Taiwan
2.
Financial Technology Applications Program, Ming Chuan University, Taoyuan City 330, Taiwan
3.
Department of Information Management, Tunghai University, Taichung City 407, Taiwan
4.
Department of Computer Science and Information Engineering, National Taipei University, Sanxia District, New Taipei City 237, Taiwan
5.
Department of Information Management, Chaoyang University of Technology, 168 Jifeng E. Rd., Wufeng District, Taichung City 413, Taiwan

Academic Editor: Vladimir Mityushev

Received: 21 March 2022 Revised: 28 May 2022 Accepted: 05 June 2022 Published: 22 June 2022

The authority of user personal health records (PHRs) is usually determined by the owner of a cloud computing system. When a PHR file is accessed, a dynamic access control algorithm must be used to authenticate the users. The proposed dynamic access control algorithm is based on a novel Lagrange interpolation polynomial with timestamps, mainly functioning to authenticate the users with key information. Moreover, the inclusion of timestamps allows user access within an approved time slot to enhance the security of the healthcare cloud system. According to the security analysis results, this healthcare cloud system can effectively resist common attacks, including external attacks, internal attacks, collaborative attacks and equation-based attacks. Furthermore, the overall computational complexity of establishing and updating the polynomials is O(n*m* (log m)²), which is a promising result, where m denotes the degree of $ polynomial~G\left(x, y\right) $ and n denotes the number of secure users in the hierarchy.
- dynamic access control,
- key management algorithm,
- Lagrange interpolation polynomial,
- personal health records,
- timestamp
Citation: Te-Wei Chiang, Dai-Lun Chiang, Tzer-Shyong Chen, Frank Yeong-Sung Lin, Victor R. L. Shen, Min-Chien Wang. Novel Lagrange interpolation polynomials for dynamic access control in a healthcare cloud system[J]. Mathematical Biosciences and Engineering, 2022, 19(9): 9200-9219. doi: 10.3934/mbe.2022427

Related Papers:

Abstract

The authority of user personal health records (PHRs) is usually determined by the owner of a cloud computing system. When a PHR file is accessed, a dynamic access control algorithm must be used to authenticate the users. The proposed dynamic access control algorithm is based on a novel Lagrange interpolation polynomial with timestamps, mainly functioning to authenticate the users with key information. Moreover, the inclusion of timestamps allows user access within an approved time slot to enhance the security of the healthcare cloud system. According to the security analysis results, this healthcare cloud system can effectively resist common attacks, including external attacks, internal attacks, collaborative attacks and equation-based attacks. Furthermore, the overall computational complexity of establishing and updating the polynomials is O(n*m* (log m)²), which is a promising result, where m denotes the degree of $ polynomial~G\left(x, y\right) $ and n denotes the number of secure users in the hierarchy.

References

[1]	A. D. Salve, R. D. Pietro, P. Mori, L. Ricci, A logical key hierarchy-based approach to preserve content privacy in decentralized online social networks, IEEE Trans. Dependable Secure Comput., 17 (2020), 2-21. https://doi.org/10.1109/TDSC.2017.2729553 doi: 10.1109/TDSC.2017.2729553
[2]	M. A. Habib, M. Ahmad, S. Jabbar, S. Khalid, J. Chaudhry, K. Saleem, et al., Security and privacy-based access control model for internet of connected vehicles, Future Gener. Comput. Syst., 97 (2019), 687-696. https://doi.org/10.1016/j.future.2019.02.029 doi: 10.1016/j.future.2019.02.029
[3]	X. H. Liu, Q. Liu, T. Peng, J. Wu, Dynamic access policy in cloud-based personal health record (PHR) systems, Inf. Sci., 379 (2017), 62-81. https://doi.org/10.1016/j.ins.2016.06.035 doi: 10.1016/j.ins.2016.06.035
[4]	Y. Xu, W. Gao, Q. Zeng, G. Wang, J. Ren, Y. Zhang, A feasible fuzzy-extended attribute-based access control technique, Cyberspace Secur. Future Internet, 2018 (2018), 1-11. https://doi.org/10.1155/2018/6476315 doi: 10.1155/2018/6476315
[5]	Y. Flaumenhaft, O. Ben-Assuli, Personal health records, global policy and regulation review, Health Policy, 122 (2018), 815-826. https://doi.org/10.1016/j.healthpol.2018.05.002 doi: 10.1016/j.healthpol.2018.05.002
[6]	U. Ruhi, R. Chugh, Utility, value, and benefits of contemporary personal health records: Integrative review and conceptual synthesis, J. Med. Internet Res., 23 (2021), e26877. https://doi.org/10.2196/26877 doi: 10.2196/26877
[7]	Y. Xu, Q. Zeng, G. Wang, C. Zhang, J. Ren, Y. Zhang, An efficient privacy-enhanced attribute-based access control mechanism, Concurrency Comput.: Pract. Exper., 32 (2020), 1-12. https://doi.org/10.1002/cpe.5556 doi: 10.1002/cpe.5556
[8]	A. Alanazi, Y. A. Anazi, The challenges in personal health record adoption, J. Healthcare Manage., 64 (2019), 104-109. https://doi.org/10.1097/JHM-D-17-00191 doi: 10.1097/JHM-D-17-00191
[9]	M. M. Hossain, Y. A. Hong, Trends and characteristics of protected health information breaches in the United States, Proc. AMIA Annu. Symp., 4 (2020), 1081-1090.
[10]	A. A. Abd-Alrazaq, B. M. Bewick, T. Farragher, P. Gardner, Factors that affect the use of electronic personal health records among patients: A systematic review, Int. J. Med. Inf., 12 (2019), 164-175. https://doi.org/10.1016/j.ijmedinf.2019.03.014 doi: 10.1016/j.ijmedinf.2019.03.014
[11]	S. Kim, T. Kim, W. Cha, J. Lee, I. Kwon, Y. Choi, et al., User experience of mobile personal health records for the emergency department: Mixed methods study, JMIR mHealth uHealth, 8 (2020), e24326. https://doi.org/10.2196/24326 doi: 10.2196/24326
[12]	H. Kim, A. Mahmood, E. Carlton, J. Goldsmith, C. Chang, S. Bhuyan, Access to personal health records and screening for breast and cervical cancer among women with a family history of cancer, J. Cancer Educ., 35 (2020), 1128-1134. https://doi.org/10.1007/s13187-019-01568-5 doi: 10.1007/s13187-019-01568-5
[13]	D. Seo, Y. Park, Y. Lee, J. Kim, J. Park, J. Lee, The use of mobile personal health records for hemoglobin A1c regulation in patients with diabetes: Retrospective observational study, J. Med. Internet Res., 22 (2020), e15372. https://doi.org/10.2196/15372 doi: 10.2196/15372
[14]	C. P. Subbe, N. Pearson, S. Wischhusen, R. Hibbs, S. Wright, M. Xenou, Scenario-based design for a hospital setting: An exploratory study of opportunities and barriers for personal health records usage, Future Healthcare J., 7 (2020), 125-130. https://doi.org/10.7861/fhj.2019-0061 doi: 10.7861/fhj.2019-0061
[15]	K. Edemacu, B. Jang, J. W. Kim, Efficient and expressive access control with revocation for privacy of PHR based on OBDD access structure, IEEE Access, 8 (2020). https://doi.org/10.1109/ACCESS.2020.2968078 doi: 10.1109/ACCESS.2020.2968078
[16]	C. Zhang, Y. Xu, Y. Hu, J. Wu, J. Ren, Y. Zhang, A blocktrain-based multi-cloud storage data auditing scheme to locate faults, IEEE Trans. Cloud Comput., (2021), 1-12. https://doi.org/10.1109/TCC.2021.3057771 doi: 10.1109/TCC.2021.3057771
[17]	N. Zahid, A. H. Sodhro, U. R. Kamboh, A. Alkhayyat, L. Wang, AI-driven adaptive reliable and sustainable approach for internet of things enabled healthcare system, Math. Biosci. Eng., 19 (2022), 3953-3971. https://doi.org/10.3934/mbe.2022182 doi: 10.3934/mbe.2022182
[18]	M. M. Madine, K. Salah, R Jayaraman, I. Yaqoob, Y. Al-Hammadi, S. Ellahham, et al., Fully decentralized multi-party consent management for secure sharing of patient health records, IEEE Access, 8 (2020). https://doi.org/10.1109/ACCESS.2020.3045048 doi: 10.1109/ACCESS.2020.3045048
[19]	K. P. Kibiwott, Y. Zhao, J. Kogo, F. Zhang, Verifiable fully outsourced attribute-based signcryption system for IoT eHealth big data in cloud computing, Math. Biosci. Eng., 16 (2019), 3561-3594. https://doi.org/10.3934/mbe.2019178 doi: 10.3934/mbe.2019178
[20]	A. Shabbir, M. Shabbir, A. R. Javed, M. Rizwan, C. Iwendi, C. Chakraborty, Exploratory data analysis, classification, comparative analysis, case severity detection, and internet of things in COVID-19 telemonitoring for smart hospitals, J. Exp. Theor. Artif. Intell., (2022), 1-28. https://doi.org/10.1080/0952813X.2021.1960634 doi: 10.1080/0952813X.2021.1960634
[21]	G. Tripathi, K. Singh, D. K. Vishwakarma, Applied convolutional neural network framework for tagging healthcare systems in crowd protest environment, Math. Biosci. Eng., 18 (2021), 8727-8757. https://doi.org/10.3934/mbe.2021431 doi: 10.3934/mbe.2021431
[22]	L. K. Ramasamy, F. Khan, M. Shah, B. V. V. S. Prasad, C. Iwendi, C. Biamba, Secure smart wearable computing through artificial intelligence-enabled internet of thinggs and cyber-physical systems for hearlth monitoring, Sensors, 22 (2022), 1076. https://doi.org/10.3390/s22031076 doi: 10.3390/s22031076
[23]	D. E. Knuth, Seminumerical algorithms, in The Art of Computer Programming, 2 (1998), Addison-Wesley.
[24]	I. Indu, P. R. Anand, Hybrid authentication and authorization model for web-based applications, in 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), IEEE, (2016), 1187-1191. https://doi.org/10.1109/WiSPNET.2016.7566324
[25]	D. R. Kuhn, E. J. Coyne, T. R. Weil, Adding attributes to role-based access control, Computer, 4 (2010), 79-81. https://doi.org/10.1109/MC.2010.155 doi: 10.1109/MC.2010.155
[26]	R. Sandhu, D. Ferraiolo, R. Kuhn, The NIST model for role-based access control: towards a unified standard, in RBAC '00: Proceedings of the fifth ACM workshop on Role-based access control, (2000), 47-63. https://doi.org/10.1145/344287.344301
[27]	E. Chickowski, Healthcare unable to keep up with insider threats, Dark Reading, Available from: https://www.darkreading.com/vulnerabilities—threats/healthcare-unable-to-keep-up-with-insider-threats/d/d-id/1137610?. Accessed: May 12, 2018.

Reader Comments

Your name:*

Email:*
© 2022 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)